Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e20383334.roa
File:                     3138352e342e3232332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          NNi3jCeKmXjchDYKU7GmdMqe/b9IEpyGuH7OdietiyE=
Subject key identifier:   C3:29:72:55:F4:E6:64:3B:7C:62:44:54:6C:B2:BC:CA:72:92:40:31
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       7A5F192AB479D965EA889B64A46760A19B4E2DA3
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e20383334.roa
Signing time:             Sat 15 Mar 2025 00:05:08 +0000
ROA not before:           Sat 15 Mar 2025 00:00:08 +0000
ROA not after:            Sat 14 Mar 2026 00:05:08 +0000
asID:                     834
IP address blocks:        185.4.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:5f:19:2a:b4:79:d9:65:ea:88:9b:64:a4:67:60:a1:9b:4e:2d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Mar 15 00:00:08 2025 GMT
            Not After : Mar 14 00:05:08 2026 GMT
        Subject: CN=C3297255F4E6643B7C6244546CB2BCCA72924031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:15:ac:c8:54:77:0e:27:62:b4:63:c8:6f:
                    94:f0:cc:81:8d:50:20:02:9a:4a:7e:8b:af:35:79:
                    fa:1e:07:e6:d1:27:8a:49:6d:0e:0d:45:5d:cb:42:
                    94:17:16:59:61:1f:e0:60:21:e8:93:fb:42:33:28:
                    4e:dd:84:c6:24:89:5d:bf:d8:7c:25:d9:69:3a:bd:
                    e0:76:dc:d9:8c:0e:29:6e:ea:67:90:b1:0d:26:ab:
                    a8:12:ce:c3:e8:5f:e9:dd:55:56:b1:41:4e:ef:93:
                    de:d4:ff:82:f6:36:4f:86:bb:31:f9:7d:ee:18:a8:
                    0b:d8:42:7b:93:2e:5f:e8:30:5a:17:19:40:38:6c:
                    20:0c:a7:ae:cf:2f:bc:16:a4:6f:70:8f:2e:21:96:
                    72:7e:0b:fa:3d:d7:ad:d6:9f:f7:2d:43:c6:19:a0:
                    36:2d:00:42:7b:d9:79:ab:93:65:1d:30:bb:73:70:
                    3d:83:89:82:06:45:57:19:7a:25:27:cb:30:9e:12:
                    44:a5:e1:93:9f:6f:55:50:e0:ac:b7:cc:78:1a:9c:
                    b1:c6:83:a5:ba:ce:83:69:e6:cf:64:ff:41:7d:b6:
                    70:a8:2b:a9:58:22:97:4b:08:18:26:91:aa:cb:f1:
                    ae:d9:4a:d4:0e:10:86:57:6e:9c:6a:aa:fb:3e:62:
                    c9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:29:72:55:F4:E6:64:3B:7C:62:44:54:6C:B2:BC:CA:72:92:40:31
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:78:e1:6f:f9:ee:5a:76:d5:a0:fb:82:4e:84:7d:7a:ab:69:
         65:bf:85:e6:91:0d:6a:6e:12:24:e3:ab:a3:5d:ca:9a:d5:a8:
         7f:46:eb:3c:d8:d1:88:c3:c8:19:4c:ae:3a:d4:56:61:d5:75:
         0f:d4:25:0c:4c:1a:21:08:78:e8:6d:a1:14:4b:77:3e:96:3e:
         f1:f2:ad:17:d5:9f:ff:9c:b3:0c:40:d1:ad:0a:8d:7d:13:62:
         47:61:ae:dd:3e:68:2a:4a:0d:b8:39:2d:b9:32:e5:e3:a9:89:
         c4:58:95:db:62:87:fc:66:67:58:ee:20:06:0c:f1:a1:52:d8:
         00:6e:5e:0c:0b:2e:9f:d4:6d:22:8e:53:bf:5d:63:0d:88:ae:
         e7:21:c1:cd:8d:98:ed:91:ab:ab:0b:41:57:15:4d:7a:22:f5:
         69:3a:d2:19:83:84:46:98:e1:10:26:99:4e:75:fd:7f:5b:dc:
         6f:e2:79:0c:0c:31:25:88:cc:a8:c7:bb:a6:a6:cc:c7:bf:30:
         e7:a6:a4:38:80:04:16:ce:a1:43:14:a0:2d:9a:7d:2d:38:33:
         9a:96:ca:1c:f9:e6:8f:e4:77:48:e7:65:cb:c9:a2:73:d3:81:
         a5:eb:f4:e3:07:d0:19:cb:8c:66:9c:72:6c:49:a1:ae:aa:0b:
         33:af:70:26
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUel8ZKrR52WXqiJtkpGdgoZtOLaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNTAzMTUwMDAwMDhaFw0yNjAzMTQwMDA1MDhaMDMxMTAvBgNV
BAMTKEMzMjk3MjU1RjRFNjY0M0I3QzYyNDQ1NDZDQjJCQ0NBNzI5MjQwMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0QBWsyFR3DiditGPIb5TwzIGN
UCACmkp+i681efoeB+bRJ4pJbQ4NRV3LQpQXFllhH+BgIeiT+0IzKE7dhMYkiV2/
2Hwl2Wk6veB23NmMDilu6meQsQ0mq6gSzsPoX+ndVVaxQU7vk97U/4L2Nk+GuzH5
fe4YqAvYQnuTLl/oMFoXGUA4bCAMp67PL7wWpG9wjy4hlnJ+C/o9163Wn/ctQ8YZ
oDYtAEJ72Xmrk2UdMLtzcD2DiYIGRVcZeiUnyzCeEkSl4ZOfb1VQ4Ky3zHganLHG
g6W6zoNp5s9k/0F9tnCoK6lYIpdLCBgmkarL8a7ZStQOEIZXbpxqqvs+YskJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUwylyVfTmZDt8YkRUbLK8ynKSQDEwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQTfMA0G
CSqGSIb3DQEBCwUAA4IBAQBreOFv+e5adtWg+4JOhH16q2llv4XmkQ1qbhIk46uj
Xcqa1ah/Rus82NGIw8gZTK461FZh1XUP1CUMTBohCHjobaEUS3c+lj7x8q0X1Z//
nLMMQNGtCo19E2JHYa7dPmgqSg24OS25MuXjqYnEWJXbYof8ZmdY7iAGDPGhUtgA
bl4MCy6f1G0ijlO/XWMNiK7nIcHNjZjtkaurC0FXFU16IvVpOtIZg4RGmOEQJplO
df1/W9xv4nkMDDEliMyox7umpszHvzDnpqQ4gAQWzqFDFKAtmn0tODOalsoc+eaP
5HdI52XLyaJz04Gl6/TjB9AZy4xmnHJsSaGuqgszr3Am
-----END CERTIFICATE-----